[c-nsp] Strange IPSec problem

nasir.shaikh at bt.com nasir.shaikh at bt.com
Tue Dec 23 14:16:16 EST 2008

I have an Ipsec tunnel established between a 871 on the remote end and a
2811 on the central side. There are several other remote sites all
connecting to the same central router. All IPSec tunnels are active.
>From this particular router I can ping servers/hosts on the central site
without any problems. However, from a host (laptop) directly connected
to the 871 there are strange problems.
When doing a ping to a host it does not work.
Next a traceroute is done to the host which is successful.
Subsequent ping to the same host is successful.

Same is true the other way around:
>From a server on the central site a ping to the laptop fails.
A traceroute afterwards is successful.
Subsequent pings are successful.

Again, when doing pings from the router itself (using the LAN interface
as source) there are no connectivity problems.
Encryption / decryption counters are equal. There is no personal
firewall running on the laptop.

Anyone come across this issue?



More information about the cisco-nsp mailing list